Creating server certificate
From VVCWiki
Jump to navigationJump to search
Create openssl config file
Here is an example of server.cnf
[ req ] default_bits = 2048 default_md = sha1 distinguished_name = req_dn req_extensions = cert_type prompt = no [ req_dn ] # country (2 letter code) C=US # State or Province Name (full name) ST=Missouri # Locality Name (eg. city) L=St. Louis # Organization (eg. company) O=IVK/VVC # Organizational Unit Name (eg. section) OU=VPS1 server # Common Name (*.example.com is also possible) CN=vps1.chepkov.com # E-mail contact emailAddress=root@ivk.com.au [ cert_type ] keyUsage=digitalSignature,keyEncipherment extendedKeyUsage=serverAuth subjectAltName=IP:209.20.74.232,DNS:vps1.chepkov.com,DNS:ivk.com.au
- Note: Using a file like this with subjectAltName is the only way to generate a request that will result in a certificate that is valid for more than one name.
Generate server private key
openssl genrsa -out server.key 2048
Generate certificate request
openssl req -new -key server.key -out server.csr -config server.cnf
Now you need to send your request to a certificate authority or if you have your own, sign the request (see example) You will get server certificate server.crt
Generate self-signed certificate
openssl req -new -x509 -days 3650 -key server.key -out server.crt -config server.cnf -extensions cert_type